You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVE-2020-7754 - High Severity Vulnerability
npm-user-validate-0.1.5.tgz
User validations for npm
Library home page: https://registry.npmjs.org/npm-user-validate/-/npm-user-validate-0.1.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/david/node_modules/npm/node_modules/npm-user-validate/package.json
Dependency Hierarchy:
npm-user-validate-1.0.0.tgz
User validations for npm
Library home page: https://registry.npmjs.org/npm-user-validate/-/npm-user-validate-1.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/npm/node_modules/npm-user-validate/package.json
Dependency Hierarchy:
Found in HEAD commit: fc4f63cd9d7cfd34b5d6322a49f9b670bd83cb27
Found in base branch: master
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
Publish Date: 2020-10-27
URL: CVE-2020-7754
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7754
Release Date: 2020-10-27
Fix Resolution (npm-user-validate): 1.0.1
Direct dependency fix Resolution (david): 11.1.0
Fix Resolution (npm-user-validate): 1.0.1
Direct dependency fix Resolution (npm): 6.9.2
⛑️ Automatic Remediation will be attempted for this issue.
The text was updated successfully, but these errors were encountered: